ByteOS Network

NVD Vulnerability Details :

CVE-2018-15403

Modified

Source-ykramarz@cisco.com

Published At-05 Oct, 2018 | 14:29

Updated At-09 Oct, 2019 | 23:35

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.4	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:N

CPE Matches

Cisco Systems, Inc.

>>unified_communications_manager>>10.5\(2.10000.5\)

cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager>>11.0\(1.10000.10\)

cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager>>11.5\(1.10000.6\)

cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager>>12.0\(1.10000.10\)

cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unity_connection>>9.1\(1\)es23

cpe:2.3:a:cisco:unity_connection:9.1\(1\)es23:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager_im_and_presence_service>>10.5\(1\)

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager_im_and_presence_service>>10.5\(2\)

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager_im_and_presence_service>>12.0\(1\)

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.0\(1\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>unified_communications_manager_im_and_presence_service>>12.5\(1\)

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>emergency_responder>>11.5\(4.59000.1\)

cpe:2.3:a:cisco:emergency_responder:11.5\(4.59000.1\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>emergency_responder>>12.0\(1.40000.3\)

cpe:2.3:a:cisco:emergency_responder:12.0\(1.40000.3\):*:*:*:*:*:*:*

Cisco Systems, Inc.

>>emergency_responder>>12.5\(0.98000.110\)

cpe:2.3:a:cisco:emergency_responder:12.5\(0.98000.110\):*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	nvd@nist.gov
CWE-601	Secondary	ykramarz@cisco.com

References

Hyperlink	Source	Resource
http://www.securitytracker.com/id/1041780	ykramarz@cisco.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041789	ykramarz@cisco.com	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect	ykramarz@cisco.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History